
260 matches found

RedHat Linux
added 2025/05/13 1:26 p.m. | 16 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 7.5 | AI score 6.5 | EPSS 0.00669
Exploits: 0 | References: 8
Kaspersky
added 2025/05/13 12:0 a.m. | 11 views

KLA83652 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Cross-site...

CVSS 7.5 | AI score 7.2 | EPSS 0.00422
Exploits: 0 | References: 3
AlmaLinux
added 2025/05/13 12:0 a.m. | 10 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...

CVSS 7.5 | AI score 6.5 | EPSS 0.00669
Exploits: 0 | References: 16
NVD
added 2025/05/11 11:15 p.m. | 23 views

CVE-2025-4551

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.4 | EPSS 0.0015
Exploits: 1 | References: 4
CVE
added 2025/05/07 5:19 p.m. | 50 views

CVE-2025-20147

The CVE-2025-20147 issue affects Cisco Catalyst SD-WAN Manager (vManage) web-based management interface. The root cause is improper sanitization of user input in the management UI, enabling an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on the affected sys...

CVSS 5.4 | AI score 5.1 | EPSS 0.00119
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/05/07 3:27 p.m. | 3 views

GHSA-Q9Q2-3PPX-MWQF Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser

Impact Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission FILESCREATE can exploit these vulnerabilities to upload arbitrary Javascript code to the Graylog2 server,...

CVSS 7.3 | AI score 6.7
Exploits: 0 | References: 2
Tenable Nessus
added 2025/05/05 12:0 a.m. | 8 views

RHEL 8 : webkit2gtk3 (RHSA-2025:4445)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4445 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8 | AI score 6.3 | EPSS 0.00912
Exploits: 0 | References: 17
RedHat Linux
added 2025/04/17 6:50 a.m. | 12 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8 | AI score 6.5 | EPSS 0.00912
Exploits: 0 | References: 8
AlmaLinux
added 2025/04/17 12:0 a.m. | 7 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...

CVSS 7.5 | AI score 6.6 | EPSS 0.00669
Exploits: 0 | References: 16
Tenable Nessus
added 2025/04/13 12:0 a.m. | 18 views

RHEL 9 : webkit2gtk3 (RHSA-2025:3755)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3755 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8 | AI score 6.3 | EPSS 0.00912
Exploits: 0 | References: 17
RedHat Linux
added 2025/04/08 9:4 p.m. | 15 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8 | AI score 6.5 | EPSS 0.00912
Exploits: 0 | References: 8
OSV
added 2025/04/08 12:0 a.m. | 9 views

ALSA-2025:3713 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...

CVSS 7.5 | AI score 6.2 | EPSS 0.00669
Exploits: 0 | References: 16
Cvelist
added 2025/03/31 10:23 p.m. | 8 views

CVE-2025-30434

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack...

EPSS 0.00068
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/28 6:4 p.m. | 14 views

CVE-2022-39163

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync CSD attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting XSS attacks...

CVSS 4.7 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/27 1:37 p.m. | 8 views

CVE-2025-27633

The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system...

CVSS 6.1 | AI score 6.9 | EPSS 0.00277
Exploits: 0 | References: 1
CVE
added 2025/03/26 1:51 p.m. | 80 views

CVE-2022-39163

CVE-2022-39163 (IBM Cognos Controller) affects IBM Cognos Controller 11.0.0–11.1.0 and IBM Controller 11.1.0, due to a Client-Side Desync (CSD) attack that could desynchronize a browser connection and enable cross-site scripting (XSS). The documented impact is limited to potential XSS via a desyn...

CVSS 4.7 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2025/03/25 12:40 p.m. | 12 views

CVE-2025-27633

The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system...

CVSS 6.1 | EPSS 0.00277
Exploits: 0 | References: 1
Cvelist
added 2025/03/17 1:40 p.m. | 9 views

CVE-2019-6697

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site...

CVSS 5.3 | EPSS 0.00124
Exploits: 0 | References: 1
NVD
added 2025/03/14 10:15 a.m. | 14 views

CVE-2024-26006

An improper neutralization of input during web page Generation vulnerability CWE-79 in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote...

CVSS 7.5 | EPSS 0.00417
Exploits: 0 | References: 1
Cvelist
added 2025/03/14 9:24 a.m. | 18 views

CVE-2024-26006

An improper neutralization of input during web page Generation vulnerability CWE-79 in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote...

CVSS 7.5 | EPSS 0.00417
Exploits: 0 | References: 1